When I was younger, I had a habit of focusing in on one thing. It was my mother who told me to “look at the big picture.” The same is true in the world of information security. There are more things going on than meet the eye when it comes to keeping systems safe. One needs to take a systematic approach in looking at each individual domain.
Team EthicalHat: Lessons Learned From the Bank of Bangladesh
Since the early ’80s, computer hackers have employed increasingly complex exploits to gain total control over servers, access confidential data, and spread malware and botnets. To combat this, starting around the turn of the century, hardware and software vendors have been developing and shipping protections that try to harden your machines against hackers. While most commercial anti-virus software attempts to identify viruses by comparing the behavior of currently running software with pre-created lists of the behavior of known malware, these hardware and software protections operate in a fundamentally different fashion. Normally an inseparable part of the operating system, the physical machinery, or the compiler used to generate the commercial software, these protections restrict what applications can do at runtime in order to prevent hackers from gaining control over the program and, subsequently, the computer.
This post is meant as a walk-through of how state-of-the-art computer security has evolved in recent years, as well as a discussion of where we stand now and what to look for in the years ahead.
Team EthicalHat: Modern Computer Security Protections from an Attacker’s Perspective
Today, it’s almost impossible to have a normal routine that doesn’t depend on several online accounts. From Facebook to forums, from LinkedIn to online banking, our globalized world is growing ever more dependent on the internet to stay connected. With October being National Cyber Security Awareness Month, it’s time to take a critical look at how people protect their online data.
With the rise of big-name bugs that made headlines within the past year (Heartbleed, Shellshock, and Poodle), cyber security has become a much more visible issue for both individuals and companies. But hackers aren’t limited to software exploits to further their nefarious agenda. In 2014, the second most common cause of data breaches was social engineering—using deception and fraud to trick users into revealing passwords and other sensitive data.
As famous computer hacker Kevin Mitnick put it,
Companies spend millions of dollars on firewalls and secure access devices, and it’s money wasted because none of these measures address the weakest link in the security chain: the people who use, administer and operate computer systems.
EthicalHat partners with CISOs to help them achieve their security goals in alignment with their business goals. We support companies of varying sizes by developing custom security solutions, well-suited for their environments and needs.
We are a group of highly motivated security engineers who see the online security challenges as opportunities to help diverse business models achieve their security objectives. Information security is not our career – it is our passion.